About the recent attack - page 2. | Bitcointalksearch.org

Maged

legendary

Activity: 1204

Merit: 1015

Quote from: greyhawk on October 08, 2013, 04:17:12 AM

Quote from: phelix on October 08, 2013, 03:45:09 AM

Because it will be fixed if you reveal it and you lose access.

Not if you've got more than the backdoor you revealed.

You would have to have an additional whole SMF exploit to safely reveal your access, because when backdoors are suspected, people usually sanitize everything - just as we did here. Not even a backdoor embedded in the BIOS would have survived the cleanup that theymos did, since we completely changed hardware and rebuilt everything from the ground up. A backdoor in the database might still exist, but theymos looked pretty hard for those. So, other than that, the only way this guy is getting back in is if he has an exploit that anyone could have found.

Quote from: 🏰 TradeFortress 🏰 on October 08, 2013, 04:22:27 AM

The backdoor is specific to the forum. It's probably something as simple as eval() with certain arguments passed in obscure and unintended methods.

Probably...

🏰 TradeFortress 🏰

vip

Activity: 1302

Merit: 1042

👻

The backdoor is specific to the forum. It's probably something as simple as eval() with certain arguments passed in obscure and unintended methods.

greyhawk

hero member

Activity: 938

Merit: 1009

Quote from: phelix on October 08, 2013, 03:45:09 AM

Because it will be fixed if you reveal it and you lose access.

Not if you've got more than the backdoor you revealed.

TsuyokuNaritai

hero member

Activity: 574

Merit: 500

Quote from: myself on October 08, 2013, 03:55:37 AM

re enable BlackBox theme, this one is way too white

+1.

myself

legendary

Activity: 938

Merit: 1000

chaos is fun...…damental :)

re enable BlackBox theme, this one is way too white

phelix

legendary

Activity: 1708

Merit: 1019

Quote from: theymos on October 07, 2013, 06:18:14 PM

Quote from: QuestionAuthority on October 07, 2013, 05:52:53 PM

SMF v2.0.2 has many vulnerabilities.

Yeah. SMF 2.x is basically 1.x with more features (ie. more attack area) and a slightly more secure database escaping scheme. Upgrading probably isn't worthwhile unless we want the better license.

1.x makes perfect sense then. Maybe the sanitizing part can be backported/improved.

Are there any logs of hacking action? When was the backdoor placed again?

Quote from: repentance on October 07, 2013, 10:33:45 PM

Quote from: phelix on October 07, 2013, 04:10:57 PM

The big question is why was the backdoor revealed? Just for the lulz? Or was it a second hax0r?

Why not reveal it? It was going to be discovered eventually by those trying to fix the forum and revealing that a two year old backdoor was used made it more difficult for theymos to claim it was some new, previously unheard of exploit. There's some lulz to be had when you tell someone how you did something just after it happens and it still takes them days to find and fix the problem.

Because it will be fixed if you reveal it and you lose access.

There are plenty of other much worse things the hacker could have done, that would even have made him money. Hopefully we are lucky and it was a gray hat. On the other hand side - who would like to really call for the wrath of this forum...

HellDiverUK

hero member

Activity: 1246

Merit: 501

Quote from: tspacepilot on October 08, 2013, 01:45:04 AM

So, if there are so many problems with SMF, why does thermos still use it? There must be some open-source forum software that could be used.

Usually laziness. Most forums software will import the database from other forums. There's plenty - phpBB is the biggest one, OK it has it's problems too, but it's being worked on constantly by the developers.

HellDiverUK

hero member

Activity: 1246

Merit: 501

Well, this could well be coincidence, but someone's been trying very hard to get in to my iCloud account the past day or so. The iCloud username is the same as the email I used here (a GMail account).

I've reset both the GMail and iCloud account passwords, and put double auth on the GMail, but it's annoying getting "iForgot" emails every 15 minutes...

Swordsoffreedom

legendary

Activity: 2758

Merit: 1115

Leading Crypto Sports Betting & Casino Platform

2011 Wow that is an old exploit, whoever broke into the system bided their time executing that code.

tspacepilot

legendary

Activity: 1456

Merit: 1076

I may write code in exchange for bitcoins.

So, if there are so many problems with SMF, why does thermos still use it? There must be some open-source forum software that could be used. At least in that case the skills of the thousands of people using this forum and offering opinions about the code could be put to some profitable use. Right?

surebet

hero member

Activity: 495

Merit: 507

As a side note is there any new restrictions on avatars now, namely the ability to change them?

I have a 80x80 gif I'd like to use that comes out to either 21 or 28k depending, no mention in the usercp about restrictions.

repentance

hero member

Activity: 868

Merit: 1000

Quote from: phelix on October 07, 2013, 04:10:57 PM

The big question is why was the backdoor revealed? Just for the lulz? Or was it a second hax0r?

Why not reveal it? It was going to be discovered eventually by those trying to fix the forum and revealing that a two year old backdoor was used made it more difficult for theymos to claim it was some new, previously unheard of exploit. There's some lulz to be had when you tell someone how you did something just after it happens and it still takes them days to find and fix the problem.

surebet

hero member

Activity: 495

Merit: 507

Quote from: phelix on October 07, 2013, 04:10:57 PM

The big question is why was the backdoor revealed? Just for the lulz? Or was it a second hax0r?

Revealed as explained or used? I'd would probably be a mixture of courtesy, "wtf the two year old backdoor still works" factor and just sharing knowledge.

Quote from: monbux on October 07, 2013, 04:13:05 PM

Yes, that was a scray run, hopefullyw on't happen again. Any *cough* um, accusations of who attacked?

Quote from: QuestionAuthority on October 07, 2013, 04:16:52 PM

Are you the same surebet that's a member of this exploit database site http://1337day.com that has a private section containing SMF exploits?

No.

joesmoe2012

hero member

Activity: 882

Merit: 501

Ching-Chang;Ding-Dong

I'm all for an upgrade. Also, why do we need ads seeing as we have a huge fund to pay for the forum? They are really annoying.

MagicBit15

sr. member

Activity: 294

Merit: 250

Let's Start a Cryptolution!!

My forum is back thank god. I felt so empty without my BTC talk Undecided

.

Great work theymos!!

Welsh

staff

Activity: 3248

Merit: 4110

Quote from: r3wt on October 07, 2013, 07:26:08 PM

Quote from: theymos on October 07, 2013, 06:18:14 PM

Quote from: QuestionAuthority on October 07, 2013, 05:52:53 PM

SMF v2.0.2 has many vulnerabilities.

Yeah. SMF 2.x is basically 1.x with more features (ie. more attack area) and a slightly more secure database escaping scheme. Upgrading probably isn't worthwhile unless we want the better license.

iirc the latest build is 2.0.5 and is quite secure....

It's got more features which are means more vulnerabilities. He's right, it's more than likely better to stay on this version. Although, upgrading to a different forum system may be better but would require more downtime and more hassle.

r3wt

hero member

Activity: 686

Merit: 504

always the student, never the master.

Quote from: theymos on October 07, 2013, 06:18:14 PM

Quote from: QuestionAuthority on October 07, 2013, 05:52:53 PM

SMF v2.0.2 has many vulnerabilities.

Yeah. SMF 2.x is basically 1.x with more features (ie. more attack area) and a slightly more secure database escaping scheme. Upgrading probably isn't worthwhile unless we want the better license.

iirc the latest build is 2.0.5 and is quite secure....

QuestionAuthority

legendary

Activity: 2156

Merit: 1393

You lead and I'll watch you walk away.

Securing the forum requires fewer people with access not upgrading to an unknown quantity. At least using an older version means most of the vulnerabilities are known.

theymos

administrator

Activity: 5166

Merit: 12850

Quote from: QuestionAuthority on October 07, 2013, 05:52:53 PM

SMF v2.0.2 has many vulnerabilities.

Yeah. SMF 2.x is basically 1.x with more features (ie. more attack area) and a slightly more secure database escaping scheme. Upgrading probably isn't worthwhile unless we want the better license.

bitfreak!

legendary

Activity: 1536

Merit: 1000

electronic [r]evolution

Quote from: QuestionAuthority on October 07, 2013, 05:52:53 PM

Don't fool yourself into a false sense of security. SMF v2.0.2 has many vulnerabilities.

It seems like you are referring to the same vulnerabilities referenced in this thread:

http://www.simplemachines.org/community/index.php?topic=482530.0

The SMF Project Manager had this to say about it:

Quote

this is, essentially, BS...

not because it's not true... but because in order to take advantage of it, the person needs to already have access to the admin section... and if you have full access to the admin section, you already have access to ALL of the users' data and the ability to upload packages - so this "injection" complaint is really kinda silly.

Not that I really care if we update or not, because I can understand the advantages and disadvantages of both actions. But I would like to see something happen to make this forum a bit more secure.

Topic: About the recent attack - page 2. (Read 13991 times)